CVE-2025-11738 is a vulnerability identified in the Media Library Assistant plugin for WordPress, specifically in the mla-stream-image.php file. This vulnerability allows an unauthenticated attacker to perform limited arbitrary file reading on the server by manipulating file name or path parameters. The affected files include AI, EPS, PDF, and PS formats, which are commonly used for vector graphics and documents and may contain sensitive or proprietary information. The root cause is an external control of file name or path (CWE-73), where insufficient validation or sanitization allows attackers to specify file paths outside the intended scope. The vulnerability affects all versions up to and including 3.29 of the plugin. Exploitation requires no authentication or user interaction, and the attack vector is network-based, meaning an attacker can exploit it remotely over the internet. The CVSS v3.1 base score is 5.3, indicating a medium severity level due to the limited confidentiality impact and no effect on integrity or availability. No patches or fixes were linked at the time of disclosure, and no known exploits have been observed in the wild. However, the exposure of sensitive files could lead to information disclosure, which may facilitate further attacks or data breaches. The plugin is widely used in WordPress environments, which are prevalent across many European organizations, especially those managing digital media assets.

The primary impact of CVE-2025-11738 is unauthorized disclosure of sensitive information stored in AI, EPS, PDF, and PS files on affected servers. For European organizations, this could mean exposure of intellectual property, confidential business documents, or personal data, potentially violating GDPR and other data protection regulations. The vulnerability does not allow modification or deletion of files, so integrity and availability impacts are minimal. However, the confidentiality breach could enable attackers to gather intelligence for further targeted attacks, phishing, or social engineering. Organizations in sectors such as media, publishing, design, and marketing, which frequently use vector and document files, are particularly at risk. The ease of exploitation (no authentication or user interaction required) increases the likelihood of opportunistic scanning and exploitation attempts. The lack of known exploits in the wild currently reduces immediate risk but does not eliminate it, especially as public disclosure may prompt attackers to develop exploits. European entities hosting WordPress sites with this plugin should consider the potential reputational and regulatory consequences of data leakage.

1. Monitor for and apply official patches or updates from the dglingren Media Library Assistant plugin as soon as they become available. 2. In the absence of patches, restrict access to the mla-stream-image.php file using web server configuration (e.g., deny direct access via .htaccess or nginx rules) to prevent unauthenticated requests. 3. Implement web application firewall (WAF) rules to detect and block suspicious requests targeting file path parameters in the plugin. 4. Conduct an audit of all AI, EPS, PDF, and PS files stored on the server to identify and remove or relocate sensitive files away from web-accessible directories. 5. Review and tighten file permission settings to limit exposure of sensitive files to the web server user. 6. Enable logging and monitoring for unusual access patterns to the plugin’s scripts to detect potential exploitation attempts early. 7. Educate site administrators about the risks of using outdated plugins and the importance of timely updates. 8. Consider alternative plugins or solutions if timely patching is not feasible, especially for high-risk environments.